Home > Security News > Microsoft offers workaround for Word flaw
Security News:
EMAIL THIS

Microsoft offers workaround for Word flaw

By Bill Brenner, Senior News Writer
24 May 2006 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Microsoft confirmed Tuesday that a previously unknown flaw in its Word application is being actively exploited. To blunt the threat, the vendor suggested customers only use Word in safe mode.

"Microsoft is investigating new public reports of limited 'zero-day' attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003," the company said in an advisory published this week. "In order for this attack to be carried out, a user must first open a malicious Word document attached to an email or otherwise provided to them by an attacker."

The advisory offers tells customers how to run the flawed Word 2002 and Word 2003 programs in safe mode. Microsoft also listed the following guidelines for using Office documents in safe mode:

  • Don't open Word files that are embedded in other applications, such as Excel, PowerPoint or others.
  • Even after the workarounds are applied, refrain from opening Word files directly from any mail clients (Outlook or Hotmail, for example) by double-clicking them. Users should save Word documents to a disk or on the desktop and use the "Word Safe Mode" shortcut.
  • Don't open .doc files from a Web site through Internet Explorer or any other browser.
  • If customers don't see "safe mode" in the Word title bar, they are not running Word in safe mode.
  • Customers should use Word Viewer 2003 to open and view files. The free Word Viewer 2003 does not contain the vulnerable code and is not susceptible to the current exploit.

    Targeted exploit code that takes advantage of Microsoft Word to open a backdoor for attackers was first reported in the wild late last week.

    Cupertino, Calif.-based antivirus giant Symantec Corp. raised its ThreatCon level from 1 to 2 (on a scale of 4) as a result of the exploit, currently known as Trojan.Mdropper.H.

    Symantec said the zero-day exploit arrives as a Word document attached to an email. The document appears to be of Japanese origin and includes text summarizing a recent U.S.-Asian political summit.

    The document's OLE structure is a dropper program called Backdoor.Ginwui. Once a victim opens the document, that program creates a backdoor for attackers to exploit the system using a previously unknown vulnerability.

    The software giant said it is completing a security bulletin for Word to address the vulnerability. "The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted," Microsoft said.

    Tags: Securing Productivity ApplicationsSecurity Patch ManagementVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



    RELATED CONTENT
    Securing Productivity Applications
    Software piracy group offers cash to whistleblowers
    How to secure a .pdf file
    How do hackers bypass a code signing procedure to inject malware
    Quiz: How to build secure applications
    How to detect software tampering
    Adobe fixes 29 flaws in Acrobat, Reader
    Adobe warns of critical update for Reader, Acrobat 9.1.3
    Why should we place data files on a separate partition than the OS?
    Adobe updates ColdFusion, JRun, Flex
    Serious Adobe Flash flaw being exploited

    Security Patch Management
    What patch management metrics does Project Quant use?
    Squad: Tokenization, Phishing and the Feds
    Should management processes change based on a patch release schedule?
    Should Windows Mobile updates come from Microsoft?
    Adobe updates ColdFusion, JRun, Flex
    Trusteer CEO criticizes Adobe, touts better patch deployments
    Patch management study shows IT taking significant risks
    Vulnerability mitigation study shows need for faster patching
    Microsoft to issue security report card, new tool at Black Hat
    How to manage patches for Adobe

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    sheepdip  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    • More Tips to Secure Your Network
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts